security vulnerability – Experimental News Clipping Site

The Register: Microsoft blames Medusa ransomware affiliates for GoAnywhere exploits while Fortra keeps head buried

Oct 6, 2025

—

by

Source URL: https://www.theregister.com/2025/10/06/microsoft_blames_medusa_ransomware_affiliates/ Source: The Register Title: Microsoft blames Medusa ransomware affiliates for GoAnywhere exploits while Fortra keeps head buried Feedly Summary: You can’t find anything bad if you don’t look, right? Medusa ransomware affiliates are among those exploiting a maximum-severity bug in Fortra’s GoAnywhere managed file transfer (MFT) product, according to Microsoft Threat Intelligence.……

The Register: Level-10 vuln lurking in Redis source code for 13 years could allow remote code execution

Oct 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/10/06/perfect_10_redis_rce_lurking/ Source: The Register Title: Level-10 vuln lurking in Redis source code for 13 years could allow remote code execution Feedly Summary: No evidence of exploitation … yet A 13-year-old critical flaw in Redis servers, rated a perfect 10 out of 10 in severity, can let an authenticated user trigger remote code execution.……

Slashdot: Mouse Sensors Can Pick Up Speech From Surface Vibrations, Researchers Show

Oct 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/10/05/2225224/mouse-sensors-can-pick-up-speech-from-surface-vibrations-researchers-show?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Mouse Sensors Can Pick Up Speech From Surface Vibrations, Researchers Show Feedly Summary: AI Summary and Description: Yes Summary: Researchers from the University of California, Irvine, have identified a security vulnerability in high-performance optical mice that can be exploited to capture audio data from a user’s environment, effectively turning…

Simon Willison’s Weblog: Sora 2 prompt injection

Oct 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Oct/3/cameo-prompt-injections/ Source: Simon Willison’s Weblog Title: Sora 2 prompt injection Feedly Summary: It turns out Sora 2 is vulnerable to prompt injection! When you onboard to Sora you get the option to create your own “cameo" – a virtual video recreation of yourself. Here’s mine singing opera at the Royal Albert Hall. You…

The Register: ‘Delightful’ root-access bug in Red Hat OpenShift AI allows full cluster takeover

Oct 1, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/10/01/critical_red_hat_openshift_ai_bug/ Source: The Register Title: ‘Delightful’ root-access bug in Red Hat OpenShift AI allows full cluster takeover Feedly Summary: Who wouldn’t want root access on cluster master nodes? A 9.9 out of 10 severity bug in Red Hat’s OpenShift AI service could allow a remote attacker with minimal authentication to steal data, disrupt…

The Register: One line of malicious npm code led to massive Postmark email heist

Sep 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/29/postmark_mcp_server_code_hijacked/ Source: The Register Title: One line of malicious npm code led to massive Postmark email heist Feedly Summary: MCP plus open source plus typosquatting … what could possibly go wrong? A fake npm package posing as Postmark’s MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding…

Wired: Tile Tracking Tags Can Be Exploited by Tech-Savvy Stalkers, Researchers Say

Sep 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.wired.com/story/tile-tracking-tags-can-be-exploited-by-tech-savvy-stalkers-researchers-say/ Source: Wired Title: Tile Tracking Tags Can Be Exploited by Tech-Savvy Stalkers, Researchers Say Feedly Summary: A team of researchers found that, by not encrypting the data broadcast by Tile tags, users could be vulnerable to having their location information exposed to malicious actors. AI Summary and Description: Yes Summary: The text…

The Register: Prompt injection – and a $5 domain – trick Salesforce Agentforce into leaking sales

Sep 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/26/salesforce_agentforce_forceleak_attack/ Source: The Register Title: Prompt injection – and a $5 domain – trick Salesforce Agentforce into leaking sales Feedly Summary: More fun with AI agents and their security holes A now-fixed flaw in Salesforce’s Agentforce could have allowed external attackers to steal sensitive customer data via prompt injection, according to security researchers…

The Register: Zero-day deja vu as another Cisco IOS bug comes under attack

Sep 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/25/zeroday_deja_vu_another_cisco/ Source: The Register Title: Zero-day deja vu as another Cisco IOS bug comes under attack Feedly Summary: The latest in a run of serious networking bugs gives attackers root if they have SNMP access Cisco has confirmed a new IOS and IOS XE zero-day, the latest in a string of flaws that…

Simon Willison’s Weblog: Cross-Agent Privilege Escalation: When Agents Free Each Other

Sep 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Sep/24/cross-agent-privilege-escalation/ Source: Simon Willison’s Weblog Title: Cross-Agent Privilege Escalation: When Agents Free Each Other Feedly Summary: Cross-Agent Privilege Escalation: When Agents Free Each Other Here’s a clever new form of AI exploit from Johann Rehberger, who has coined the term Cross-Agent Privilege Escalation to describe an attack where multiple coding agents – GitHub…

Tag: security vulnerability